Author |
Topic: Windows Defender Scam???? |
Richard Sinkler
From: aka: Rusty Strings -- Missoula, Montana
|
Posted 4 May 2021 10:48 am
|
|
Got the following email in my spam folder today. I called the number, which is real. After telling them that I don't use Norton, McAffee or Webroot security software, he then tells me that this charge is for the rights to use Windows Defender (which I also don't use) on my Windows computer. My understanding has always been that Windows Defender was part of Windows and there was no extra charges if you use it (which I do not).
Has anyone else run into this? I am pretty sure it is a scam.
Forgot to add, he wanted to access my computer to see if I am indeed using Defender. Not going to happen in my lifetime.
_________________ Carter D10 8p/8k, Dekley S10 3p/4k C6 setup,Regal RD40 Dobro, NV400, NV112 . Playing for 54 years and still counting. |
|
|
|
Jack Stoner
From: Kansas City, MO
|
Posted 4 May 2021 12:37 pm
|
|
Total scam. _________________ GFI Ultra Keyless S-10 with pad (Black of course) TB202 amp, Hilton VP, Steelers Choice sidekick seat
Cakewalk by Bandlab and Studio One V4.6 pro DAWs, MOTU Ultralite MK5 recording interface unit (for sale) |
|
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
Posted 4 May 2021 6:53 pm
|
|
Richard, didn't you find the poor English and word choices to be suspicious before you called the number? Bad grammar, misspellings and unusual word combinations are dead giveaways that an email is a scam.
Not all email scams are so poorly composed. Those take more analysis. But emails like this need no further exploration to determine that they are scams.
Richard, if you still have that email, please forward it to me as an attachment so I can read the headers and trace where it came from and add it to the appropriate blocklist. If you don't know how to forward as an attachment, send me a PM and I will guide you through it. _________________ "Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
Posted 4 May 2021 7:03 pm Re: Windows Defender Scam????
|
|
Richard Sinkler wrote: |
I called the number, which is real. After telling them that I don't use Norton, McAffee or Webroot security software, he then tells me that this charge is for the rights to use Windows Defender (which I also don't use) on my Windows computer. My understanding has always been that Windows Defender was part of Windows and there was no extra charges if you use it (which I do not).
|
Richard;
Unless you are using an ancient version of Windows, like XP, you are using Windows Defender. It is an integral part of Windows 10 and is virtually impossible to disable. Even if you have no other anti-virus software, you do have Defender watching your six. As you guessed, you don't have to pay for it. It is part of Windows, always running in the background, updating silently as needed, staying out of the way unless something bad happens. It is getting better all the time.
I am glad you caught onto the scam before giving remote access to the scammer. He would have planted a backdoor, plus a keylogger or ransomware on your computer. _________________ "Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Richard Sinkler
From: aka: Rusty Strings -- Missoula, Montana
|
Posted 5 May 2021 3:52 am
|
|
Wiz... The first thing I did notice was the part that says:
Quote: |
the services automatically renewed for which you has charged $448.99 |
. Bad grammar.
Being pretty sure it was a scam, I called the number (which I expected wasn't real but it was) to scream, yell, cuss, accuse, and just basically make myself feel better. First he was telling me that the charge was for Norton, McAfee, Webroot, all of which I have used in the past (at least 5 years ago) and I never put antivirus software on autorenew because every one of them charge more to renew than to go buy brand new software. So naturally I was concerned. Then he started saying it was for continued use of Defender. I remember reading something about Defender, that installing 3rd party antivirus disables Defender, thus my comment about me not using it. When I started telling him that I knew about other companies, people, etc can get into your computer to do diagnostics, repairs and other really crappy stuff, it set him back a little. When I laid into him about it being a scam, he countered by saying that he has not asked for any private info, to which I screamed "YET!!!" and yelled at him that gaining access to my computer would be just as bad as giving him all my info. He tried to convince me he would just check to see if I was using Defender. After cussing him out, I told I would call him back if I needed to. After all, I might need an outlet for another fit of rage.
Wiz... PM me the email you want me to forward that email to. I know how to forward as an attachment.
I really had fun ripping into this putz. _________________ Carter D10 8p/8k, Dekley S10 3p/4k C6 setup,Regal RD40 Dobro, NV400, NV112 . Playing for 54 years and still counting. |
|
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
Posted 5 May 2021 6:16 am
|
|
Richard;
Even though Defender is sometimes disabled when it detects other anti-malware programs, it gets instantly turned back on if those programs stop monitoring in real time. In the case of Malwarebytes, it is never shut off, even though Malwarebytes Premium has a real time monitor. I have both protecting my computers. _________________ "Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Jack Stoner
From: Kansas City, MO
|
Posted 5 May 2021 8:00 am
|
|
I use Windows Defender and Malwarebytes Premium (I have one of the lifetime Malwarebytes licenses). I've used other Antivirus programs but Windows Defender, along with Malwarebytes, has served me well.
Although it is an obvious scam, one word that hit home is
"kindly". I do support on the Dell forums and see "Kindly" used frequently in posts by users from India. _________________ GFI Ultra Keyless S-10 with pad (Black of course) TB202 amp, Hilton VP, Steelers Choice sidekick seat
Cakewalk by Bandlab and Studio One V4.6 pro DAWs, MOTU Ultralite MK5 recording interface unit (for sale) |
|
|
|
Richard Sinkler
From: aka: Rusty Strings -- Missoula, Montana
|
Posted 5 May 2021 10:56 am
|
|
The phone number is a New York number (but could forward to somewhere else). While the guy had a little bit of an accent, it didn't sound Indian. I also forgot to mention that I called the number and got a voice-mail. I left a message to call me, and he did.
Wiz... I'll forward the email in a little bit. _________________ Carter D10 8p/8k, Dekley S10 3p/4k C6 setup,Regal RD40 Dobro, NV400, NV112 . Playing for 54 years and still counting. |
|
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
Posted 5 May 2021 6:19 pm
|
|
Richard's scam email came from Italy, from a computer named "DESKTOP-286KB9O", possibly from a "botted" computer. I have reported it through SpamCop. The email template was composed in India by English speaking Indian scammers. I learned this from the source code, which includes several sentences like this one, all stating the language country code as EN-IN, meaning English-India.
<p class="MsoNormal"><span lang="EN-IN">Hello Customer,<o:p></o:p></span></p>
and this line: <p class="MsoNormal"><span lang="EN-IN">This is Kevin Peter, Manager ... _________________ "Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Richard Sinkler
From: aka: Rusty Strings -- Missoula, Montana
|
Posted 6 May 2021 2:14 am
|
|
Thanks. You're amazing. _________________ Carter D10 8p/8k, Dekley S10 3p/4k C6 setup,Regal RD40 Dobro, NV400, NV112 . Playing for 54 years and still counting. |
|
|
|